Ryan/drop
1
0
Fork 0
mirror of https://github.com/Drop-OSS/drop.git synced 2025-11-15 01:01:20 +10:00
Code Issues Packages Projects Releases Wiki Activity

refactor: use hash directly in authmek and version field on authmek

Browse Source
This commit is contained in:
DecDuck
2025-03-24 12:50:21 +11:00
parent cb4937b590
commit 1996b97e99
5 changed files with 30 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
server/api/v1/auth/signin/simple.post.ts
View File

@ -5,7 +5,6 @@ import prisma from "~/server/internal/db/database";
import {
checkHashArgon2,
checkHashBcrypt,
simpleAuth,
} from "~/server/internal/security/simple";
import sessionHandler from "~/server/internal/session";
@ -43,16 +42,18 @@ export default defineEventHandler(async (h3) => {
statusCode: 401,
statusMessage: "Invalid username or password.",
});
else if (!authMek.user.enabled)
if (!authMek.user.enabled)
throw createError({
statusCode: 403,
statusMessage:
"Invalid or disabled account. Please contact the server administrator.",
});
// if using old auth schema
if (Array.isArray(authMek.credentials)) {
const hash = authMek.credentials.at(1)?.toString();
// LEGACY bcrypt
if (authMek.version == 1) {
const credentials = authMek.credentials as JsonArray | null;
const hash = credentials?.at(1)?.toString();
if (!hash)
throw createError({
@ -69,30 +70,25 @@ export default defineEventHandler(async (h3) => {
// TODO: send user to forgot password screen or something to force them to change their password to new system
await sessionHandler.setUserId(h3, authMek.userId, rememberMe);
return { result: true, userId: authMek.userId };
} else {
// using new (modern) login flow
const creds = simpleAuth(authMek.credentials);
if (creds instanceof type.errors) {
// hover out.summary to see validation errors
console.error(creds.summary);
throw createError({
statusCode: 403,
statusMessage:
"Invalid password state. Please contact the server administrator.",
});
}
if (!(await checkHashArgon2(password, creds.password)))
throw createError({
statusCode: 401,
statusMessage: "Invalid username or password.",
});
await sessionHandler.setUserId(h3, authMek.userId, rememberMe);
return { result: true, userId: authMek.userId };
}
// V2: argon2
const hash = authMek.credentials as string | undefined;
if (!hash || typeof hash !== "string")
throw createError({
statusCode: 500,
statusMessage:
"Invalid password state. Please contact the server administrator.",
});
if (!(await checkHashArgon2(password, hash)))
throw createError({
statusCode: 401,
statusMessage: "Invalid username or password.",
});
await sessionHandler.setUserId(h3, authMek.userId, rememberMe);
return { result: true, userId: authMek.userId };
});